Yahoo Mail Hack Endangered Half a Billion Accounts

Image by Stu Sjouwerman / blog.knowbe4.com

This year has been awfully difficult for Yahoo and its employees. Just recently, it announced to the tech world that it would be selling its core business to Verizon at the price tag of US$4.83 billion. It’s a sad ending for the hugely popular website.

But it seems that the troubles weren’t really over. Just a week ago, news broke out that 500 million Yahoo accounts have been hacked. The security breach was claimed to be done by a ‘state-sponsored actor’ who was able to acquire names, passwords, birth dates, and even the most sensitive security questions. Tech experts have claimed that this has been the biggest hack in the history of mankind.

Insult to injury

Image courtesy of thaivisa.com

The hacking incident was not only alarming to many Yahoo users; it added salt to the wound as it did not disclose to the public that the hacking happened in 2014, two years ago and nobody knew about it. This led six Democratic Senators to write a letter to CEO Marissa Mayer namely Patrick Leahy (VT), Al Franken (MN), Elizabeth Warren (MA), Richard Blumenthal (CT), Ron Wyden (OR), and Edward Markey (MA).

According to the letter, the Senators were “disturbed that user information was first compromised in 2014, yet the company only announced the breach last week.” As a result, it was likely that “millions of Americans’ data may have been compromised for two years.” The two-page document requested Mayer to answer eight pressing questions with regards to the incident.

Yahoo has complied to the request of the Senate but they’re not only facing this at a national scale. Both the Federal Bureau of Investigation (FBI) and the Securities and Exchange Commission (SEC) have been asked to jump in and investigate the string of security breaches. Class-action lawsuits have delivered to the doorsteps of Mayer, putting her at a very difficult position.

According to some reports, Yahoo recently filed with the SEC declaring that there have been no recent incidents of security breaches. But should the investigation prove that they had prior knowledge of the security breaches, Mayer and her team may fall into deep water for their lack of disclosure.

Change passwords now

Image by Suzanne Kantra / techlicious.com

In light of the recent Yahoo account hacking, the company has issued an advisory requesting their users to change their passwords for their accounts. The Yahoo protocol involved changing the current password into a new password that has not been used for any other online account.

According to tech experts, passwords should be treated with utmost importance as it is the most common and often vulnerable type of security. In a CNN article, users are given three important tips:

Change passwords as often as possible. Apple requires their users to change passwords every year while banking institutions may require their clients to change their passwords as often as six months. There is not hard and fast rule to changing passwords but it is important not to keep passwords dormant so hackers will get lower chances of accessing your account.

Use different passwords for different accounts. One common problem with passwords is that when only one is used for all your accounts, it’s like giving the hacker an all-access pass to all your accounts.

Use different characters. Most websites will require you to enter a mix of numbers, letters, and special characters to form your password. Some are case sensitive as well which ups the safety of your password. Avoid typical passwords like “password” or “123456”. Even birth dates are discouraged to be used as passwords.

Yahoo is the latest victim of password hacking. Other websites that have been compromised before include LinkedIn and even Twitter. Users are advised to take extra precautions in creating and using passwords.